Five Eyes fears rise over Aussie encryption laws

Australia is facing increased criticism from industry and advocacy groups across the group of intelligence-sharing nations known as the Five Eyes, with fears its new data encryption laws could represent a weakening of the alliance, and leave it out on a limb on citizens' security and privacy rights.

The concerns, detailed in interviews with The Australian Financial Review, come after an international coalition of 36 civil society organisations, technology companies and industry bodies filed a submission to the Australian government calling for amendments to the law on Friday.

Australia's Telecommunications Assistance and Access laws, passed in December, granting government agencies new powers to force technology companies to decrypt messages on their platforms to aid criminal and national security investigations.

Australia is facing increased criticism from industry and advocacy groups across allied countries, with fears new data encryption laws could represent a weakening of rights and security. Toh Kheng Guan

However they have been criticised by local industry groups and technology companies like Atlassian for their potentially harmful impact on business competitiveness and individual privacy.

Now international criticism is starting to arise as overseas experts and privacy advocates assess the potential impacts of the laws. There are fears that intelligence officers in Australia's allied countries like the US, Britain, New Zealand and Canada could lean on Australian officials to bypass their own privacy laws, and also that weaknesses built into software in Australia could weaken online security further afield.

Advertisement

Human Rights Watch senior researcher Cynthia Wong said that while the parameters for intelligence-sharing among the Five Eyes were classified, it was well understood that arrangements between the countries were "quite generous", meaning Australian authorities were likely to snoop on behalf of the US.

"The US, which does not have any back-door requirement in place like in Australia or the UK, might use this to get around [local regulations]," she said.

Friday's submission from global activist groups including Human Rights Watch and the World Privacy Forum, as well as Australian entities like Linux Australia and Digital Rights Watch, described the laws as "deeply flawed".

"The broad surveillance tools created by the Assistance and Access Act 2018 should be reined in, to avoid the risk that they could be used to authorise government demands that providers weaken the security features of their products," it said.

When asked about the potential for Australia to become a loophole for US surveillance, a spokesman for the Department of Home Affairs said Australian intelligence agencies would only share "appropriate information" with foreign partners, where appropriate and authorised under law, in the "interests of mutual security".

"The sharing of information connected to new laws established under the Assistance and Access Act is subject to strict use and disclosure rules and independent oversight by the Inspector-General of Intelligence and Security," the spokesman said.

Ms Wong however said there were "plenty of loopholes" available which would enable an intelligence partner like the US to make use of Australia's laws.

Advertisement

US officials can access Australian-sourced data, for example, if an Australian official "freely offers" to share it. This means unofficial US requests could feasibly be passed on to local officials making it clear that allies would like certain communications investigated.

Internal divisions

Security experts also said Australia could also face a backlash against Australia from Five Eyes intelligence partners, who would have reduced trust in the security of Australian systems against malicious actors.

Susan Landau, professor of cyber security and policy at Tufts University in Massachusetts, said that in the eight years that US law enforcement had been advocating for decryption powers, the intelligence apparatus had not joined them.

Professor Landau said intelligence agencies recognised the need to preserve strong encryption systems, free from the reach of criminal parties and adversarial state actors.

Chris Parsons, research associate at Citizen Lab at the University of Toronto, said "cryptographic weaknesses" introduced into products in Australia may be "built into companies' global infrastructures" and thus be potentially exploitable by persons intent on targeting Canadians.

Independent MP Andrew Wilkie, who previously served as an intelligence analyst, said the backdoors required by the new intelligence laws would create software vulnerabilities that would jeopardise Australia's own classified information. Alex Ellinghausen / Fairfax Media

Advertisement

Home Affairs Minister Peter Dutton has previously told the The Australian Financial Review that "only Australia's first law officer, the Attorney-General, with approval from the Minister for Communications can require that a company build a new capability. By law these cannot be decryption capabilities".

However independent MP Andrew Wilkie, who previously served as an intelligence analyst, said the back doors required by the new intelligence laws would create software vulnerabilities that would jeopardise Australia's own classified information.

"They will also be a disincentive to allies sharing information with us or being able to rely on what data we might share with them," Mr Wilkie said.

"Nor would this be of concern only to our security allies, but even our trading partners and international businesses could be cautious about dealing with Australian public and private organisations as a result of these laws."

Mr Parsons also said that besides directly introducing security risks, the Australian laws might "economically disincentivise" the development of strong encryption in the first case or reduce consumers' overall trust in automated software updates.

Several experts said the reach of intelligence gathered through decryption could feasibly extend beyond the Five Eyes network to security allies like NATO and Israel.

Ms Wong said it was "troubling" that the Australian government had reportedly already begun using powers that are under review by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and that any future amendments would have to change laws that are already in operation.

The development of alternative supplies of critical minerals, as well as other joint efforts by Australia and the United States to address Chinese influence in the region, will dominate talks in Washington.